COVID-19 Immunity Passport

Inspiration

With rising efforts to develop a vaccine to curb the spread of COVID-19, govts. and employers are likely to demand from individuals to present proof-of-vaccination/-immunity before granting them access to public areas. These Immunity Passports (IP) need to be issued securely to avoid forgery, and they must be globally-valid and -accessible to reopen international travel. The solutions to issue and manage IPs must be decentralized in order to establish trust by citizens, given the sensitive nature of personal health information. And Blockchain-based Immunity Passports is a concept that is gaining popularity and has already been approved by many large organizations. The EOS blockchain provides a decentralized blockchain platform to securely issue and manage Immunity Passports by individuals and Health Organization workers by enabling decentralized identities and scalable smart contracts. Hence, we saw an opportunity to #CodeForChange and build a more trustworthy Immunity Passport solution for the future on the EOSIO platform.

What it does

Our Immunity Passport is the perfect DApp for individuals and health organization workers to proceed with the immunity certification process. At [link to demo website](https://github.com/meduryllc/poc-eosio-did-immunity-passport, Individuals can register using a Jungle Test Network account for a new DID (user account) on EOS blockchain and request for a SaR-CoV-2 antibody test. Ideally, verified health Workers of well-known organizations can issue Immunity Passports to those who gave the tested positive for antibody presence. This process of issuing, verification, and presentation are secured by a group of smart contracts, and the Immunity Passport cannot be forged by any means. The individual owner is in full control of their identity and personal information at all times, the solution is aimed to be privacy-preserving, globally-valid, and -accessible.

How we built it

We developed 4 separate Smart Contracts to securely govern each process in the operation. One of our goals was to implement DID Framework on EOS and ideally even Verifiable Credentials for Immunity Passports. But we decided to focus our efforts on building a simple User Interface for demonstrating the functionality of DApp. We used the EOSLime framework for testing our Smart Contracts and the Jungle Test Network for test deploying them. The UI was built beginning with a boilerplate Vue JS application that included Scatter integration. Additionally, we had to implement a NodeJS serverside component to automate the health worker verification process, the DApp confirms their email address and makes sure the domain belongs to an authorized health organization.

Challenges we ran into

While planning the solution, we also identified potential threats to process authorizations and user privacy. Our aim was to maximize decentralization and enable self-registration for users and health workers without storing any personally identifiable information. It was a challenging endeavor, the process to validate a health worker's license or to confirm their employment with a legitimate health organization was particularly tough to automate. We brainstormed creative ways to achieve this and ultimately settled with a place holder mechanism to maintain a whitelist of authorized organizations and their corresponding email address domains. Health Worker registration was then modified to include the process of confirming their email address had a domain corresponding to an organization in the whitelist. We had to additionally implement a Server-Side component to add new Health Workers to our Smart Contract table after the email confirmation process.

Accomplishments that we are proud of

We both are really glad to develop a full-stack Decentralized Application using EOSIO smart contract platform. As crypto-enthusiasts and blockchain researchers, we understand the potential of decentralized identity solutions and zero-knowledge proofs of credentials. It was exciting to apply our developer-skills and cryptography-knowledge towards solving a problem during the COVID-19 crisis. We believe privacy must be a fundamental right, not a privilege, and Immunity Passports tied to decentralized identifiers are the best way to achieve privacy. We are proud to have developed a proof-of-concept infrastructure to build upon and that can be evolved into a sustainable and trustworthy solution.

What we learned

We got the all-round development experience on EOSIO smart contract platform and we were exposed to different technologies in Web Application development including various frameworks and APIs of JavaScript. We also learned the importance of tests and repeatable unit tests while we were developing separate components of the application. Most valuably, we learned the nuances involved in utilizing a public blockchain network and how privacy can be a major issue when every transaction is essentially public.

What's next for EOSIO Immunity Passport

After the submission deadline, we plan to tie up some loose ends that we could not get to on-time. We then plan to gather some feedback on potential threats to the conceptualized process and its implementation. We specifically want to drill down on user privacy while providing an airtight solution that is resistant to all kinds of known tampering attempts. Later, we will develop a smartphone application for the same process and improve User Experience by providing features like Bar-Code based account sharing and discovery.

We understand that the concept of Immunity Passport is contingent upon its widespread acceptance and the medical researchers being able to prove the effectiveness of antibody presence in building immunity against the virus and its future possible mutations. The likeliness of which is uncertain so once we wrap up the MVP for Immunity Passport, we plan to shift gears towards advancing the DID implementation to cover the framework as much as possible to fit a wide range of identity applications. We have a feeling that the DID and VC standards will become a huge success and we want our codebase to be the go-to place when people look to utilize EOS for implementing DID or VC. We will then focus on developing infrastructure for well-known user credentials like Educational Degree and Driving Permit.

Lastly, Disclaimer: Our project was inspired by the following articles: